tomcat-users mailing list archives

From "James R. Marcus" <jmar...@edhance.com>
Subject snort detecting ICMP traffic, tomcat?
Date Tue, 11 May 2010 14:17:51 GMT
Hi,
I run Snort in a PCI environment. I have just rebuilt Snort and I’m in the tuning stage.

I have Tomcat 6.0.18 in the PCI environment and it may be initiating ICMP traffic to external
IPs. Here is the alert:

[1:486:5] ICMP Destination Unreachable Communication with Destination Host is Administratively
Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.10.100.21 -> 134.173.121.59

I have read the summary of the rule at http://www.snort.org/search/sid/486?r=1 and understand
that "no corrective action is necessary" but am curious about this traffic.

Could Tomcat be generating ICMP traffic to an IP accessing the server?

Is this some kind of keep alive?

Thanks,
James